NAME
capinfo - Prints information about binary capture files
# Note: capinfo prints information about binary capture files
[bob@mail ~]$ ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.033 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.023 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.032 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.015 ms
64 bytes from 127.0.0.1: icmp_seq=5 ttl=64 time=0.036 ms
64 bytes from 127.0.0.1: icmp_seq=6 ttl=64 time=0.018 ms
64 bytes from 127.0.0.1: icmp_seq=7 ttl=64 time=0.035 ms
64 bytes from 127.0.0.1: icmp_seq=8 ttl=64 time=0.016 ms
64 bytes from 127.0.0.1: icmp_seq=9 ttl=64 time=0.031 ms
--- 127.0.0.1 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 8998ms
rtt min/avg/max/mdev = 0.015/0.026/0.036/0.010 ms, pipe 2
[bob@mail ~]$
[root@mail ~]# /usr/sbin/tethereal -i lo -w lo.capture
Capturing on lo
20
[root@mail ~]#
[root@mail ~]# capinfo lo.capture 
File Type: libpcap (tcpdump, Ethereal, etc.)
Number of packets: 20
File Size: 2304 bytes // this is the size of the lo.capture file as shown by ls -l
Data Size: 1960 bytes
Capture duration: 8.998158 seconds
Start time: Wed Aug 22 09:55:41 2007
End time: Wed Aug 22 09:55:41 2007
Data rate: 217.82 bytes/s
Data rate: 1742.58 bits/s
Average packet size: 98.00 bytes
[root@mail ~]#
SYNOPSIS
capinfo [ -t ] [ -c ] [ -s ] [ -d ] [ -u ] [ -a ] [ -e ] [ -y ] [ -i ] [ -z ] [ -h ] capfile
DESCRIPTION
Capinfo is a program that reads a saved capture file and returns any
or all of several statistics about that file. Capinfo is able to
detect and read any capture supported by the Ethereal package.
# Note: capinfo is a program that reads a previously saved capture file and returns statistics about it
# capinfo can detect and read any capture file supported by the Ethereal package
Capinfo can read the following file formats:
# Note: capinfo can read the formats below:
* libpcap/WinPcap, tcpdump and various other tools using tcpdump’s capture format    # Note: libpcap/WinPcap, i.e. files produced by tcpdump and by tools that use tcpdump's capture format
* snoop and atmsnoop
* Shomiti/Finisar Surveyor captures
* Novell LANalyzer captures
* Microsoft Network Monitor captures
* AIX’s iptrace captures
* Cinco Networks NetXRay captures
* Network Associates Windows-based Sniffer captures
* Network General/Network Associates DOS-based Sniffer (compressed or uncompressed) captures
* AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek/EtherHelp/PacketGrabber captures
* RADCOM’s WAN/LAN analyzer captures
* Network Instruments Observer version 9 captures
* Lucent/Ascend router debug output
* files from HP-UX’s nettl
* Toshiba’s ISDN routers dump output
* the output from i4btrace from the ISDN4BSD project
* traces from the EyeSDN USB S0.
* the output in IPLog format from the Cisco Secure Intrusion Detection System
* pppd logs (pppdump format)
* the output from VMS’s TCPIPtrace/TCPtrace/UCX$TRACE utilities
* the text output from the DBS Etherwatch VMS utility
* Visual Networks’ Visual UpTime traffic capture
* the output from CoSine L2 debug
* the output from Accellent’s 5Views LAN agents
* Endace Measurement Systems’ ERF format captures
* Linux Bluez Bluetooth stack hcidump -w traces
There is no need to tell Capinfo what type of file you are reading; it
will determine the file type by itself. Capinfo is also capable of
reading any of these file formats if they are compressed using gzip.
Capinfo recognizes this directly from the file; the ’.gz’ extension is
not required for this purpose.
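# Note: you do not need to tell capinfo the file format; capinfo determines it automatically. capinfo can also read files in these formats that have been compressed with gzip,
# and a .gz extension is not required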
The user specifies which statistics to report by specifying flags
corresponding to the statistic. If no flags are specified, Capinfo will
report all statistics available.
# Note: the user can choose which statistics to report; if none are specified, all statistics are printed by default
OPTIONS
-t Displays the capture type of the capture file.
    # Note: -t displays the type of the capture file
-c Counts the number of packets in the capture file.
    # Note: -c counts the number of packets contained in the capture file
-s Displays the size of the file, in bytes. This reports the size of the capture file itself.
    # Note: -s displays the size of the file, in bytes. It reports the size of the capture file itself
-d Displays the total length of all packets in the file, in bytes. This counts the size of the packets as they appeared in their
original form, not as they appear in this file. For example, if a packet was originally 1514 bytes and only 256 of those bytes were
saved to the capture file (if packets were captured with a snaplen or other slicing option), Capinfo will consider the packet to have
been 1514 bytes.
    # Note: -d displays the total length of all packets in the capture file, in bytes. Note that packet sizes are counted in their original form, not in the form stored in the capture file
    # For example, if a packet was originally 1514 bytes and only 256 bytes were saved to the file, capinfo -d still reports 1514 bytes
-u Displays the capture duration, in seconds. This is the difference in time between the earliest packet seen and latest packet seen.
    # Note: -u displays the duration of the capture, in seconds, i.e. the time difference between the last packet and the first packet
-a Displays the start time of the capture. Capinfo considers the earliest timestamp seen to be the start time, so the first packet
in the capture is not necessarily the earliest - if packets exist "out-of-order", time-wise, in the capture, Capinfo detects this.
    # Note: -a displays the start time of the capture. capinfo automatically picks the packet with the earliest timestamp and uses that time as the start time.
    # Note that a capture file does not require its records to be sorted by time.
-e Displays the end time of the capture. Capinfo considers the latest timestamp seen to be the end time, so the last packet in the
capture is not necessarily the latest - if packets exist "out-of-order", time-wise, in the capture, Capinfo detects this.
    # Note: -e displays the end time of the capture. capinfo likewise picks the packet with the latest timestamp as the end time
-y Displays the average data rate, in bytes
    # Note: -y displays the average data rate, in bytes
-i Displays the average data rate, in bits
    # Note: -i displays the average data rate, in bits
-z Displays the average packet size, in bytes
    # Note: -z displays the average packet size, in bytes
-h Prints the help listing and exits.
    # Note: -h prints the help information
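The statistics described under OPTIONS can be recomputed from the libpcap record headers, which makes the -d (original length, not stored length) and -a/-e (earliest/latest timestamp, not first/last record) semantics concrete. This Python is an added example, not part of the capinfo man page or the Ethereal source; `build_pcap`, `pcap_stats` and the sample capture are constructed for illustration, and only the classic microsecond libpcap format is handled.

```python
import struct

def build_pcap(packets, snaplen=65535):
    """Constructed sample: little-endian libpcap bytes from (sec, usec, orig_len) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)  # 24-byte file header
    for sec, usec, orig_len in packets:
        incl_len = min(orig_len, snaplen)            # bytes actually stored in the file
        out += struct.pack("<IIII", sec, usec, incl_len, orig_len) + bytes(incl_len)
    return out

def pcap_stats(data):
    """capinfo-style statistics for a classic (microsecond) libpcap byte string."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte libpcap file header")
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"                                 # written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"                                 # written on a big-endian host
    else:
        raise ValueError("not a classic libpcap file")
    off, count, data_size, stamps = 24, 0, 0, []
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        sec, usec, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, off)
        if off + 16 + incl_len > len(data):          # reject a length field that lies
            raise ValueError(f"record at offset {off} runs past end of file")
        stamps.append(sec * 1_000_000 + usec)        # integer microseconds
        data_size += orig_len                        # -d: original, not stored, length
        count += 1
        off += 16 + incl_len
    start, end = (min(stamps), max(stamps)) if stamps else (0, 0)  # -a / -e
    duration = (end - start) / 1_000_000             # -u
    return {
        "packets": count,                            # -c
        "file_size": len(data),                      # -s
        "data_size": data_size,
        "start_us": start, "end_us": end, "duration": duration,
        "bytes_per_sec": data_size / duration if duration else None,     # -y
        "bits_per_sec": data_size * 8 / duration if duration else None,  # -i
        "avg_packet_size": data_size / count if count else None,         # -z
    }

# Constructed input: snaplen 64, and the second record is older than the first.
SAMPLE = build_pcap([(100, 500000, 98), (100, 0, 98), (102, 0, 40)], snaplen=64)

if __name__ == "__main__":
    for key, value in pcap_stats(SAMPLE).items():
        print(f"{key}: {value}")
```

For 20 packets of 98 bytes, as in the loopback capture above, the same arithmetic gives 24 + 20 × 16 + 1960 = 2304 bytes, matching the File Size and Data Size lines that capinfo printed.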
SEE ALSO
tcpdump(8), pcap(3), ethereal(1), mergecap(1), editcap(1), tethereal(1)
NOTES
Capinfo is part of the Ethereal distribution. The latest version of
Ethereal can be found at .
AUTHORS
Original Author
-------- ------
Ian Schorr
Contributors
------------
0.10.6      2004-08-12      CAPINFO(1)
